CVE-2019-5016: Sensitive Information Exposure in Kcodes

Severity: 9.1 CRITICAL (NVD)
EPSS: 2.4% (top 14.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 17
Latest update: May 24

Description

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. A specially crafted index value can cause an invalid memory read, resulting in a denial of service or remote information disclosure. An unauthenticated attacker can send a crafted packet on the local network to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 | Impact: 5.2

Affected Packages (4 packages)

NVD | kcodes/netusb.ko | 1.0.2.66, 1.0.2.69 +1
CVEListV5 | talos/kcodes | NETGEAR Nighthawk AC3000 (R7900) Firmware Version V1.0.3.810.0.37 (11/1/18) - NetUSB.ko 1.0.2.69, NETGEAR Nighthawk AC3200 (R8000) Firmware Version V1.0.4.2810.1.54 (11/7/18) - NetUSB.ko 1.0.2.66 +1
NVD | netgear/r7900_firmware | 1.0.3.810.037
NVD | netgear/r8000_firmware | 1.0.4.28_10.1.54

Vulnerability Details (2)

GHSA | GHSA-qxr6-vhx6-6r6g: An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB | 2022-05-24
CVEList | CVE-2019-5016: An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB | 2019-06-17
CVE-2019-5016 — Sensitive Information Exposure | cvebase